Datadog new event API migration fails

Posted on 2025-01-27 18:30:36

I'm upgrading one of our Datadog monitors from event alert to event-v2 alert following this migration guide. Our monitors are created using the Datadog Terraform provider.

Current monitor using event alert type:

resource "datadog_monitor" "guardduty_high_severity_findings" {
  name = "[tf] [${terraform.workspace}] AWS Guardduty Reporting High Severity Findings"
  type = "event alert"

  message = <<EOT
Some custom message
EOT

  escalation_message = <<EOT
<nil>
EOT

  tags              = ["system:ops", "service:aws"]
  query             = "events('sources:sns priority:all').rollup('count').last('xm') > 0"
  notify_no_data    = false
  no_data_timeframe = 0
  renotify_interval = 0
  notify_audit      = false
  timeout_h         = 0
  include_tags      = true
}

This monitor works as expected and Datadog alerts get triggered once an AWS GuardDuty incident is detected.

Migrated monitor using event-v2 alert type:

resource "datadog_monitor" "guardduty_high_severity_findings" {
  name = "[tf] [${terraform.workspace}] AWS Guardduty Reporting High Severity Findings"
  type = "event-v2 alert"

  message = <<EOT
Some custom message
EOT

  escalation_message = <<EOT
<nil>
EOT

  tags              = ["system:ops", "service:aws"]
  query             = "events('sources:amazon_sns').rollup('count').last('xm') > 0"
  notify_no_data    = false
  no_data_timeframe = 0
  renotify_interval = 0
  notify_audit      = false
  timeout_h         = 0
  include_tags      = true
}

However, this gives an error when performing a terraform plan, saying that the request has been rejected by Datadog due to an invalid query format.

$ terraform plan
...
Error: error validating monitor from https://api.datadoghq.com/api/v1/monitor/validate: 400 Bad Request: {"errors": ["The value provided for parameter 'query' is invalid: invalid operator specified: "]}

  with datadog_monitor.guardduty_high_severity_findings,
  on monitors-static.tf line 106, in resource "datadog_monitor" "guardduty_high_severity_findings":
 106: resource "datadog_monitor" "guardduty_high_severity_findings" {

Appreciate if anyone could help with figuring out what's wrong here.


Comments (1)

长发绾君心 2025-02-03 18:30:36

I found the same issue and it seems that the new type event-v2 alert doesn't support single quotes in the query param anymore. We need to use double quotes everywhere (plus need to escape them).

Example: "events(\"sources:amazon_sns\").rollup(\"count\").last(\"xm\") > 0"

Curiously, the support migration doc doesn't mention this breaking change.
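
A pre-plan check built on the answer above, as an added example that is not part of the original thread: it scans Terraform text for `datadog_monitor` resources of type `event-v2 alert` whose `query` still uses single quotes and returns the escaped double-quoted form. The regex-based HCL matching, the function names and the sample resources are assumptions made for illustration; that single quotes are rejected is the answerer's observation, not something verified here.

```python
import re

# Constructed sample modelled on the question's resource (not real config).
SAMPLE_TF = """
resource "datadog_monitor" "legacy" {
  type  = "event alert"
  query = "events('sources:sns priority:all').rollup('count').last('xm') > 0"
}

resource "datadog_monitor" "migrated" {
  type  = "event-v2 alert"
  query = "events('sources:amazon_sns').rollup('count').last('xm') > 0"
}
"""

# Simplified HCL matching (assumption): a resource block ends at the first
# line that starts with "}", and type/query are plain one-line string literals.
RESOURCE = re.compile(r'resource\s+"datadog_monitor"\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
TYPE = re.compile(r'^\s*type\s*=\s*"([^"]*)"', re.M)
QUERY = re.compile(r'^\s*query\s*=\s*"((?:[^"\\]|\\.)*)"', re.M)


def requote(query):
    """Swap single quotes for HCL-escaped double quotes, as the answer suggests."""
    return query.replace("'", '\\"')


def lint(tf_text):
    """Return (resource name, suggested query literal) for each event-v2
    monitor whose query still contains single quotes."""
    findings = []
    for name, body in RESOURCE.findall(tf_text):
        mtype, query = TYPE.search(body), QUERY.search(body)
        if not mtype or not query:
            continue
        if mtype.group(1) == "event-v2 alert" and "'" in query.group(1):
            findings.append((name, requote(query.group(1))))
    return findings


if __name__ == "__main__":
    for name, fixed in lint(SAMPLE_TF):
        print(f'datadog_monitor.{name}: query = "{fixed}"')
```

Running it over the monitor files before `terraform plan` flags migrated monitors such as the GuardDuty one in the question, so a monitor rejected at validation does not go unnoticed while the alert it should deliver is absent.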
